Most Orgs Agonize Over IoT Security

The rise of the internet of things (IoT) and operational technology (OT) is causing serious anxiety for security and line of business (LoB) leaders, thanks to the negative business ramifications a security failure can have on critical business operations. Yet most organizations in a survey from Forrester Consulting lag when it comes to their security profiles in these areas.

According to the survey results, collected from more than 600 global enterprise businesses, 90% of companies are expecting to see their volume of connected devices increase over the next few years, but 77% agreed that the increased usage of connected devices creates significant security challenges.

For instance, 82% said that they struggle to identify all of their network-connected devices, and when asked who is primarily responsible for securing IoT, IT and LoB leaders did not have a clear answer or delineation of ownership. Additionally, over half of respondents (59%) said they are willing to tolerate a medium-to-high risk level in relation to compliance requirements for IoT security.

As a result, 76% of respondents said IoT-related anxieties are forcing them to rethink their IT and LoB security strategies. In all, more than half of respondents (54%) stated that they have anxiety due to IoT security, with LoB leaders having higher amounts (58%) compared to their IT counterparts (51%). Aside from an awareness of the magnitude of impact that a breach can have on enterprise operations, most are worried about the added costs and time needed to manage these devices, as well as a lack of security skills.

“The survey results demonstrate a dynamic shift in the way organizations are starting to think about security and risk as it relates to IoT,” said Michael DeCesare, president and CEO at ForeScout, which commissioned the survey. “Each new device that comes online represents another attack vector for enterprises and it only takes one device to compromise an entire network and disrupt business operations, which can impact the bottom line. Securing IoT is not just a cybersecurity issue, it is a business issue and operating at any risk level is too much. Enterprises need full visibility.”

Nonetheless, there are hurdles to overcome. IT and LoB respondents cited budget constraints (IT 45%; LoB 43%) as the greatest barrier to investing in IoT security, followed by senior leadership skepticism. The report found that, without the added investment, many security professionals will continue to rely on their traditional security approaches to protect IoT/OT (40%).

As for a best-practices path forward, the survey shows that a combination of top-down executive support, proper security tools and audits instill greater confidence in device visibility. In fact, 48% of all respondents stated that improving awareness and visibility of IoT devices is a top priority for improving IoT security, and 82% of respondents expect their IoT/OT security spend to increase over the next one to two years. When considering the adoption of IoT security solutions, more than half of the respondents (55%) said integration with existing security systems was the most important criteria.

“Businesses can already see the benefits of connecting devices to the network that were not traditionally connected to improve their business processes and functions,” the study noted. “Technological advancements have given rise to a deluge of new types of connected devices—i.e., internet of things (IoT)—which, in turn, introduce new security threats that enterprises are ill-equipped to combat and even recognize. With increased funding and a new security strategy focused on visibility and compliance, companies can begin taking strides forward to reduce their anxiety about IoT and regain confidence that their networks are secure.”